Anonymity On-line

We've covered Tor in LJ before (see Kyle Rankin's "Browse the Web without a Trace", January 2008), but that was some time ago, and this subject seems to be more timely with each passing day. Also, with Tor being at only 0.2.x status, it still qualifies as software in development, so I'm justified in featuring it this month.

For those not in the know, Tor stands for The Onion Router, and its roots go all the way back to the US Naval Research Laboratory, Tor's original sponsors. It then became an EFF (Electronic Frontier Foundation) project until 2005, and it now has moved up to being its own nonprofit research/education organization: the Tor Project.

The essential idea is that your original IP address is masked by passing it through numerous special routers, designed to avoid keeping records, until the original source has been lost and the receiving end knows only about the last Tor box it encounters. To quote Tor's man page:

"Users choose a source-routed path through a set of nodes and negotiate a "virtual circuit" through the network, in which each node knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each node, which reveals the downstream node."

"Basically, Tor provides a distributed network of servers ("onion routers"). Users bounce their TCP streams—Web traffic, FTP, SSH and so on—around the routers, and recipients, observers and even the routers themselves have difficulty tracking the source of the stream."

However, all that may be a bit headache-inducing, and the Tor Web site explains things in human terms quite nicely:

"Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis."

"Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including Web browsers, instant-messaging clients, remote login and other applications based on the TCP protocol."

Tor takes a clever approach to anonymity, deliberately losing IP addresses as it bounces from server to server.
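As an added illustration of the man page description quoted above (this is example code, not from the article or the Tor Project), here is a Python simulation of a three-hop circuit with layered symmetric encryption, showing that each relay learns only its predecessor and successor. The relay names, the per-hop keys and the XOR-based toy cipher are constructed stand-ins; real Tor negotiates keys per hop during circuit setup and uses AES.

```python
import hashlib

# Constructed example: per-hop circuit keys the client shares with each relay.
# In Tor these are negotiated during circuit setup; here they are fixed.
KEYS = {"relay1": b"key-relay1", "relay2": b"key-relay2", "relay3": b"key-relay3"}
PATH = ["relay1", "relay2", "relay3"]  # entry, middle, exit

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream (stand-in for Tor's AES-CTR).
    Encryption and decryption are the same operation."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(next_hop: str, inner: bytes, key: bytes) -> bytes:
    """Add one layer: encrypt '<next_hop>|<inner>' under one relay's key."""
    return stream_xor(key, next_hop.encode() + b"|" + inner)

def unwrap(cell: bytes, key: bytes):
    """Peel one layer: the relay learns only the next hop and an opaque inner blob."""
    next_hop, _, inner = stream_xor(key, cell).partition(b"|")
    return next_hop.decode(), inner

def build_onion(destination: str, payload: bytes) -> bytes:
    """Client builds the onion innermost-first: the exit's layer names the real
    destination, every other layer names only the following relay."""
    cell = wrap(destination, payload, KEYS[PATH[-1]])
    for i in range(len(PATH) - 2, -1, -1):
        cell = wrap(PATH[i + 1], cell, KEYS[PATH[i]])
    return cell

def relay_circuit(onion: bytes, client: str = "client") -> dict:
    """Simulate the circuit and record what each relay could observe."""
    views, prev, cell = {}, client, onion
    for relay in PATH:
        next_hop, cell = unwrap(cell, KEYS[relay])
        views[relay] = {"from": prev, "to": next_hop}
        prev = relay
    # After the exit peels the last layer, 'cell' is the plaintext it forwards to
    # the destination, which is why end-to-end encryption still matters there.
    views[PATH[-1]]["payload"] = cell
    return views
```

Running `relay_circuit(build_onion("example.com:80", b"GET / HTTP/1.0"))` shows the middle relay seeing only `relay1` and `relay3`, while the exit holds the destination and the payload but has no view of the client.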

Tor can be a bit hard to understand at first, but if you look around, many tools can help you along the way, such as TorK and even custom distributions built around using Tor.

Installation and Usage

Surprisingly, Tor has few unusual library requirements, and it may install straight away on many systems. The only missing library that got in my way was libevent; installing libevent-dev (which at the time pulled in the other needed libevent packages along with it) sorted this out. Tor also recommends running it together with the program Polipo, but I'll get to that in a moment.

To install Tor, head to the download page where source and binaries are available. You can figure out the binaries yourself, but for those using source, grab the latest tarball, extract it, and open a terminal in the new folder. Enter the usual commands:

$ ./configure
$ make

If your distro uses sudo:

$ sudo make install

If your distro doesn't:

$ su
# make install

To set up Tor for Web browsing, at this point, you have to install Polipo. This is in most distros' repositories, so you can decide how you want to install Polipo yourself. I'll quote Tor's documentation from here:

"Polipo is a caching Web proxy that does http pipelining well, so it's well suited for Tor's latencies. Make sure to get at least Polipo 1.0.4, since earlier versions lack the SOCKS support required to use Polipo with Tor."

"Once you've installed Polipo (either from package or from source), you will need to configure Polipo to use Tor. Grab our Polipo configuration for Tor and put it in place of your current polipo config file (for example, /etc/polipo/config or ~/.polipo). You'll need to restart Polipo for the changes to take effect. For example: /etc/init.d/polipo restart."

"If you prefer, you can instead use Privoxy with this sample Privoxy configuration. But, since the config files both use port 8118, you shouldn't run both Polipo and Privoxy at the same time."

"Configure Your Applications to Use Tor"

"After installing Tor and Polipo, you need to configure your applications to use them. The first step is to set up Web browsing."

"You should use Tor with Firefox and Torbutton for the best safety. Simply install the Torbutton plugin, restart Firefox, and you're all set (the Torbutton plugin for Firefox is available at https://addons.mozilla.org/firefox/2275)."

"To Torify other applications that support HTTP proxies, just point them at Polipo (that is, localhost port 8118). To use SOCKS directly (for instant messaging, Jabber, IRC and so on), you can point your application directly at Tor (localhost port 9050), but see the FAQ entry for why this may be dangerous. For applications that support neither SOCKS nor HTTP, take a look at tsocks or socat."

It's really hard to do justice to Tor in this small space, so I hope I've at least pointed you in a useful direction and haven't made any glaring errors. It really is worth heading to the Web site to understand it more fully. Speaking of the Web site, here's an appeal from the Tor folks themselves:

"Tor's security improves as its user base grows and as more people volunteer to run relays. (It isn't nearly as hard to set up as you might think and can significantly enhance your own security.) If running a relay isn't for you, we need help with many other aspects of the project, and we need funds to continue making the Tor network faster and easier to use while maintaining good security."

Information is becoming increasingly unsafe, and certain governments and corporations are becoming increasingly invasive regarding personal data. It's time that Net users started taking more care with their information, and Tor is an interesting technology that I'm sure will continue to become more relevant over time.

Comments


I tried this at work and it seemed slow to load web pages. When I went to Google, I had to change from German to English, as predicted by another commenter. It also prevented me from reading Yahoo email and had to be removed. It would be a nice thing to have when the bugs are worked out.

The network is slow. Which is why the tor project wants more people to run nodes.

I don't know exactly what your problem with Yahoo is. (But you need to be aware of the danger of using credentials -- such as your Yahoo login -- on unencrypted connections. As I understand it, a rogue exit node can hijack your session via the cookies.) Some sites block all Tor IP addresses. Others, like Google and Yahoo (based on my experience), do not block the address per se but frequently will block because they see a large amount of traffic from that one IP address. I don't know if that is what your problem was, but if so I don't think Tor can address that. That is up to the individual websites.

Seriously though, we support several privacy-conscious clients, and Tor is just one of the standard implementations in our "Felix's magic bag of trix".

Other tools include, of course, GPG and we like to implement Enigmail w/Thunderbird or use Claws. Also, we run our own XMPP servers providing server based gateways to all IM services at POSSR.com and like to use Tor whenever possible with Jabber clients for our more aware clients.

I wasn't really thinking about the NSA, but making a statement in general (I was actually thinking about other countries which aren't quite as technologically equipped, but have demonstrably authoritarian controls on information, with press blackouts and so on). Can a project like Tor really be 'about' something as specific as the topics you listed though, or does the technology speak for itself, whatever the user chooses to do with it?

I'm glad you brought that up. I'm fond of saying, "Don't say or transmit anything over the Internet that you wouldn't feel comfortable heralding from the highest rooftops."

What I mean by that is best illustrated by a particular set of clients that sought our services for conducting secret, or hidden communications - politically charged folks who for some reason feared that their benign political activities would somehow bring the current administration's wrath down upon them.

Among other extreme measures, they wanted to set up things like 'hidden' forums buried several directories deep on bizarre port numbers other than :443, using 'secret' DNS under made up SLD.TLDs, and incorporating a private network of homespun private Onion Routers that each of them would operate, in order to surf their tiny little Universe.

All of their political discussions about how to organize Tea Parties and develop a groundswell to vote out the current administration in the next round of presidential elections could theoretically be thwarted by some sort of 'Watergate Shenanigans', if they committed their legal conspiracy in the clear blue, or worse, fear of being blacklisted or finding that 'men in black' were visiting their employers, neighbors, and posing embarrassing questions about them.

Aside from the obvious (How do you develop a groundswell if you need a boatload of accessories to join their group?), I myself couldn't understand the relevance.

I mean, the whole point of their movement is based in political discourse and persuasion. The best thing that could happen is media attention. Right?

After all, once they've done their conspiring, they're just going to go and hang out at some busy intersection with picket signs!

The act of thinking that someone in the government here would sabotage their mission plans (What could really be the worst thing? A protagonist group on the opposite corner of the street opposing them?) was just absurd to me, however, we assured them we could implement the infrastructure they wanted for themselves.

I pointed out to them what I pointed out in my earlier post above, and for some reason the fact that ALL traffic is captured by the NSA and Echelon never seemed to occur to them.

At that point they relented when it was shown that the simplest thing was to simply create a "Group" within the forum system that was invite only, and then make those forums visible just to members of their like-minded group.

One of my colleagues further inferred that such extreme measures to ensure privacy might be construed to mean that either they had just invented the 500 MPG carburetor or perhaps it might even put them on the radar as a potentially subversive group.

I mean, c'mon! The packets are still traversing the net.

Now, with regards to other nations. Germany has upset some of its citizens (quite a few actually), who have chosen to utilize proxies and anonymize themselves due to prohibited (and blocked) Internet resources and in some cases the actual threat of prosecution.

But this governmental folly has merely emboldened and spurred the Piraten (the Pirate Party) into heralding their defiance from the highest rooftops - the healthy and effective way to gain attention, critical mass, and effect policy change IMO.

Yet China was the first to come to mind when you mentioned 'authoritarian controls', and my final point has to do with a thread related to a popular plugin: "X-Marks is blocked in China".

No one can answer why this is so. It has been suggested that the domain name once belonged to a Pr0n outfit. Others claim that there are other reasons for China to block their subjects from reaching the X-Marks servers. But the result simply forces people there to use things like Tor to perform an end run around such blockades, effectively nullifying such silly efforts.

I'm all for privacy. I defend my prerogative to exercise extreme measures to ensure it on a whim.

But seriously folks - the best reasons for uber secure communications are either that:

1.) You're a subversive (the definition of which is subjective)

2.) You're a paranoid

3.) You have a very real need to protect industrial or commercial secrets from competitors

4.) You're a geek and you simply can (round of applause here people)

5.) You ARE the government

But John, the funniest thing in all of this is that I just have to scratch my head when I read earlier in the comments above and see that some people are using Tor and complaining about resolving Yahoo mail ;)

I hope this isn't intruding, but in case the parent does not get back to you, I'll try to answer your question while I am here.

Tor is technically about separating identification (via IP addresses) from routing. Most people generally think of that as anonymization. Under that umbrella there are a wide variety of use cases. (Last time I checked, torproject.org had an excellent "who uses Tor?" page.) Some people are just trying to keep corporations from tracking them around the Internet. At another extreme, there are certainly people in China using it to get around "The Great Firewall of China". The latter continues to be a cat and mouse game, with Chinese users making use of "bridges" to get to the Tor network. So as you put it, "the technology speaks for itself". The uses are many.

If you want to keep your finger on the pulse of what is happening in the Tor world w/o getting too deeply involved, you might want to subscribe to the or-talk mailing list. (A "busy" day might be around 15 posts; some days are as light as 3 or fewer.)

It is not clear to me what you are concerned about. If you are concerned about the program itself not being what it claims, the source code is available for inspection and (if you wish) compilation. While that is not a perfect guarantee, it is the best (to my knowledge) that can be done.

If you are concerned about malicious node operators, the system is designed so that it is not necessary to trust the operators. Each (of 3) nodes can only see the previous node and the next node, where it is understood that on the first and last node, these refer to the originator and target respectively. The encryption prevents the operators from seeing other information. (There are detailed design documents available to explain all of this.)

The one special case where an operator can snoop or alter contents is at the exit node, and then only if end-to-end encryption (such as https) is not used. But even though the exit node operator can read and alter contents, the originator is still unknown to them unless there is something in the content that reveals the user's identity. You just need to be aware of this weakness and act accordingly. (An ongoing project is an attempt to automate the identification of such rogue nodes and flag them so that they don't get used as exit nodes. But while that is a good idea, you still cannot assume they will all be caught.)

And the final server, if you are using an unencrypted protocol. Use https/imaps/stunnel/etc. over Tor and you should be safe from snooping on the last hop too. (Apart, as noted, from the target server itself being compromised.)
